1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
|
# Part of Odoo. See LICENSE file for full copyright and licensing details.
import json
from collections import OrderedDict
from lxml import etree
from re import search
from odoo import Command
from odoo.tools import mute_logger, config
from odoo.exceptions import AccessError
from odoo.tests import HttpCase, tagged
from .test_project_sharing import TestProjectSharingCommon
@tagged('post_install', '-at_install')
class TestProjectSharingPortalAccess(TestProjectSharingCommon):
@classmethod
def setUpClass(cls):
super().setUpClass()
cls.env['project.share.wizard'].create({
'res_model': 'project.project',
'res_id': cls.project_portal.id,
'collaborator_ids': [
Command.create({'partner_id': cls.partner_portal.id, 'access_mode': 'edit'}),
],
})
Task = cls.env['project.task']
cls.read_protected_fields_task = OrderedDict([
(k, v)
for k, v in Task._fields.items()
if k in Task.SELF_READABLE_FIELDS
])
cls.write_protected_fields_task = OrderedDict([
(k, v)
for k, v in Task._fields.items()
if k in Task.SELF_WRITABLE_FIELDS
])
cls.readonly_protected_fields_task = OrderedDict([
(k, v)
for k, v in Task._fields.items()
if k in Task.SELF_READABLE_FIELDS and k not in Task.SELF_WRITABLE_FIELDS
])
cls.other_fields_task = OrderedDict([
(k, v)
for k, v in Task._fields.items()
if k not in Task.SELF_READABLE_FIELDS
])
def test_mention_suggestions(self):
suggestion_ids = {
partner.get("id")
for partner in self.task_portal.with_user(self.user_portal)
.get_mention_suggestions(search="")
.get("res.partner")
}
self.assertEqual(
suggestion_ids,
{self.user_projectuser.partner_id.id, self.user_portal.partner_id.id},
"Portal user as a project collaborator should have access to mention suggestions",
)
# remove portal user from the project collaborators
self.project_portal.collaborator_ids.filtered(
lambda rec: rec.partner_id == self.user_portal.partner_id
).unlink()
self.assertEqual(
{},
self.task_portal.with_user(self.user_portal).get_mention_suggestions(search=""),
"Non collaborator portal user should not have access to mention suggestions",
)
def test_readonly_fields(self):
""" The fields are not writeable should not be editable by the portal user. """
view_infos = self.task_portal.get_view(self.env.ref(self.project_sharing_form_view_xml_id).id)
fields = [el.get('name') for el in etree.fromstring(view_infos['arch']).xpath('//field[not(ancestor::field)]')]
project_task_fields = {
field_name
for field_name in fields
if field_name not in self.write_protected_fields_task
}
with self.get_project_sharing_form_view(self.task_portal, self.user_portal) as form:
for field in project_task_fields:
with self.assertRaises(AssertionError, msg="Field '%s' should be readonly in the project sharing form view "):
form.__setattr__(field, 'coucou')
def test_read_task_with_portal_user(self):
self.task_portal.with_user(self.user_portal).read(self.read_protected_fields_task)
with self.assertRaises(AccessError):
self.task_portal.with_user(self.user_portal).read(self.other_fields_task)
def test_write_with_portal_user(self):
for field in self.readonly_protected_fields_task:
with self.assertRaises(AccessError):
self.task_portal.with_user(self.user_portal).write({field: 'dummy'})
for field in self.other_fields_task:
with self.assertRaises(AccessError):
self.task_portal.with_user(self.user_portal).write({field: 'dummy'})
def test_wizard_confirm(self):
partner_portal_no_user = self.env['res.partner'].create({
'name': 'NoUser portal',
'email': 'no@user.portal',
'company_id': False,
'user_ids': [],
})
project_share_wizard_no_user = self.env['project.share.wizard'].create({
'res_model': 'project.project',
'res_id': self.project_portal.id,
'collaborator_ids': [
Command.create({'partner_id': partner_portal_no_user.id, 'access_mode': 'edit'}),
],
})
self.env["res.config.settings"].create({"auth_signup_uninvited": 'b2b'}).execute()
project_share_wizard_no_user_action = project_share_wizard_no_user.action_share_record()
self.assertEqual(project_share_wizard_no_user_action['type'], 'ir.actions.act_window', 'Sharing a project with partner without user should display a confimation dialog')
project_share_wizard_confirmation = self.env['project.share.wizard'].browse(project_share_wizard_no_user_action['res_id'])
project_share_wizard_confirmation.action_send_mail()
mail_partner = self.env['mail.message'].search([('partner_ids', '=', partner_portal_no_user.id)], limit=1)
self.assertTrue(mail_partner, 'A mail should have been sent to the non portal user')
self.assertIn(f'href="http://localhost:{config["http_port"]}/web/signup', str(mail_partner.body), 'The message link should contain the url to register to the portal')
self.assertIn('token=', str(mail_partner.body), 'The message link should contain a personalized token to register to the portal')
class TestProjectSharingChatterAccess(TestProjectSharingCommon, HttpCase):
@mute_logger('odoo.addons.http_routing.models.ir_http', 'odoo.http')
def test_post_chatter_as_portal_user(self):
message = self.get_project_share_link()
share_link = str(message.body.split('href="')[1].split('">')[0])
match = search(r"access_token=([^&]+)&pid=([^&]+)&hash=([^&]*)", share_link)
access_token, pid, _hash = match.groups()
res = self.url_open(
url="/mail/message/post",
data=json.dumps({
"params": {
"thread_model": self.task_no_collabo._name,
"thread_id": self.task_no_collabo.id,
"post_data": {'body': '(-b ±√[b²-4ac]) / 2a'},
"token": access_token,
"pid": pid,
"hash": _hash,
},
}),
headers={'Content-Type': 'application/json'},
)
self.assertEqual(res.status_code, 200)
self.assertTrue(
self.env['mail.message'].sudo().search([
('author_id', '=', self.user_portal.partner_id.id),
])
)
|
